World Youth Day Seoul 2027 Official Website Privacy Policy and Cookie Policy (Multilingual Version - International Compliance)

The WYD Seoul 2027 Local Organizing Committee (hereinafter the "LOC") operates the official website of World Youth Day Seoul 2027 www.wydseoul.org (hereinafter "the Website"). We are committed to protecting the privacy of our Website users and participants, and to processing personal data lawfully, fairly, and transparently in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other relevant international and local data protection regulations.  This document serves as both our Privacy Policy and Cookie Policy.
This Privacy Policy and Cookie Policy explains how we collect, use, disclose, retain, and protect your personal data, and describes your rights in relation to your personal data, including our use of cookies and tracking technologies.

1. General Principles

We respect your privacy and are committed to protecting your personal data. This policy details our practices regarding personal data and cookie usage to ensure transparency and compliance with global privacy standards.

2. Personal Data We Collect and Why We Collect It (Lawful Basis)

We collect personal data to facilitate participation in World Youth Day, operate the Website, and manage event-related activities. We will not use your personal data for purposes other than those specified below, or as permitted by law.
The lawful bases for processing your data may include:
1) Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications, non-essential cookies).
2) Contractual Necessity: Where processing is necessary for the performance of a contract to which you are party or to take steps at your request before entering into such a contract (e.g., an application for participation).
3) Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
4) Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided your fundamental rights and freedoms do not override those interests (e.g., improving services, security, website analytics).
Below are the types of personal data we may collect and the purposes for their use:
1) When you participate in events or authenticate yourself:
A. Categories of data: Email address (identification), mobile phone number, birth date, affiliated organization/institution.
B. Purpose of collection:
- Consignee: DFLUX CNC Co., Ltd. (Homepage System Maintenance)
- Consignee: DK Techwin Co., Ltd. (Sending a text message on the convention)
- Consignee: Stibee Co., Ltd. (Sending e-mails related to event)
- Consignee: Oracle Korea Ltd., (Archive data to Oracle Cloud Infrastructure (OCI))
- Lawful Basis: Contractual Necessity, Consent (for certain optional data).
2) Automatically collected data through Website use (including Cookies):
- Categories of data: IP address, browsing history, access logs, cookies, mobile device information (OS version, device model).
- Purpose of collection: To ensure website functionality, improve service quality, analyze traffic, diagnose technical problems, and optimize user experience.
- Lawful Basis: Legitimate Interests, Consent (for non-essential cookies).
- For detailed information on our use of cookies and how to manage them, please refer to Section 6 (Use of Cookies and Tracking Technologies) of this policy.

3. How We Use and Share Your Personal

Data
We will only use your personal data for the purposes for which we collected it, or for related purposes that are compatible with the original purpose. 1) International Data Transfers (for GDPR/UK GDPR users):
A. As an international event, your personal data may be transferred to and processed in countries outside your own, including where data protection laws may differ from those in your jurisdiction.
B. When transferring personal data outside the European Economic Area (EEA) or the UK, we will ensure appropriate safeguards are in place, such as standard contractual clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office, or by relying on adequacy decisions.
C. Specific International Transfers
Google Analytics (Website Analytics Service)
When you consent to the use of Google Analytics, certain data (such as IP addresses, cookie identifiers, and website usage information) will be transferred to and processed by Google LLC in the United States.
Transfer Details:
- Recipient: Google LLC
- Location: United States
- Data Transferred: IP addresses (anonymized), cookie identifiers, browsing behavior, device information
- Purpose: Website analytics and performance improvement
Safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Google's certification under the EU-US Data Privacy Framework
- Data Processing Agreement with Google LLC
- IP anonymization enabled
Your Rights:
- You can refuse or withdraw consent for Google Analytics at any time through our Cookie Settings.
- You can obtain a copy of the safeguards by contacting our Data Protection Officer For more information about Google's data practices, please visit : https://policies.google.com/privacy
Other International Transfers
If we engage in other international data transfers in the future, we will update this policy and notify you accordingly.

4. Data Retention and Deletion 

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
1) Event Registration Data: Generally, retained for up to 1 year after the event concludes for follow-up communications, statistical analysis, and to fulfill legal obligations.
After this period, data will be securely deleted or anonymized.
2) Website Usage Data & Cookie Data: Retained for a maximum of 3 months, or as required by specific communication laws and website analytics purposes.
3) Other Data: Retained until the specific purpose for which it was collected is fulfilled, or as otherwise agreed upon with you.

5. Your Data Protection Rights

You have certain rights regarding your personal data, which may vary depending on your jurisdiction. We are committed to upholding these rights globally.
1) Rights under GDPR/UK GDPR (for individuals in the EEA and UK):
A. Right of Access: To request copies of your personal data.
B. Right to Rectification: To request correction of inaccurate personal data.
C. Right to Erasure ('Right to be Forgotten'): To request deletion of your personal data.
D. Right to Restriction of Processing: To request that we limit the way we use your personal data.
E. Right to Object to Processing: To object to our processing of your personal data, particularly for direct marketing or certain cookie usage.
F. Right to Data Portability: To request transfer of your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format.
G. Right to Withdraw Consent: At any time, where our processing is based on your consent.
2) Rights under CCPA/CPRA, VCDPA, CPA (for residents of California, Virginia, Colorado, and other applicable US states):
A. Right to Know: To request disclosure of specific pieces and categories of personal information collected, sources, purposes, and third parties with whom it's shared/sold.
B. Right to Delete: To request deletion of personal information collected from you.
C. Right to Opt-Out of Sale/Sharing: To direct us not to sell or share your personal information to third parties (e.g., for cross-context behavioral advertising through cookies). While we do not “sell” personal data in the traditional sense, if our data sharing practices via cookies fall under the definition of “sale“ or “sharing“ under these laws, we will provide a clear opt-out mechanism (e.g., a "Do Not Sell or Share My Personal Information" link on our website footer, alongside cookie consent tools).
D. Right to Limit Use and Disclosure of Sensitive Personal Information: To limit the use and disclosure of your sensitive personal information to that which is necessary to perform the services or provide the goods requested.
E. Right to Correct Inaccurate Personal Information.
F. Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
3) How to Exercise Your Rights:
A. To exercise any of these rights, please contact our Data Protection Officer or Privacy Contact Person using the details provided in Section 8.
B. We may require verification of your identity before processing your request.

6. Use of Cookies and Tracking Technologies (Our Cookie Policy)

Our Website uses cookies and similar tracking technologies to enhance user experience, analyze website usage, and provide personalized services. This section outlines our Cookie Policy.
1) What are cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile phone) by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. They help us remember your preferences, understand how you interact with our Website, and in some cases, provide you with more relevant content.
2) Types of Cookies We Use and Their Purpose:
A. Strictly Necessary Cookies:
These cookies are essential for the Website to function properly and enable you to navigate around our site and use its features, such as accessing secure areas. Without these cookies, services like secure login or event registration cannot be provided. (Lawful Basis: Legitimate Interest). B. Performance / Analytical Cookies:
These cookies collect information about how visitors use our Website (e.g., which pages you visit most often, if you get error messages from web pages). This data is aggregated and anonymous and helps us to understand and improve the performance of our Website. (Lawful Basis: Consent or Legitimate Interest, depending on jurisdiction and specific use).
3) Your Choices and Consent Regarding Cookies:
A. Cookie Consent (for GDPR/UK GDPR users): For users in the European Economic Area (EEA) and the UK, we will obtain your explicit consent for the use of non-essential cookies via a clear cookie banner or pop-up when you first visit our Website. You have the option to accept or reject cookies from different categories, and you can change them through Cookie Settings.
B. Opting Out of "Sale" or "Sharing" (for CCPA/CPRA, VCDPA, CPA users): For residents of applicable US states, you have the right to opt-out of the "sale" or "sharing" of your personal information, including information collected via certain cookies used for cross-context behavioral advertising. You can exercise this right through our Cookie Settings.
C. Managing Cookies via Browser Settings: You have the option to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
D. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or not.
E. Disabling cookies may prevent you from taking full advantage of the Website's features and may affect the functionality of certain parts of our Website.
F. Browser-Specific Instructions:
- Chrome: Settings > Privacy and Security > Site Settings > Cookies and other site data
- Firefox: Options > Privacy & Security
- Safari: Preferences > Privacy
- Edge: Settings > Privacy, search, and services
- (Please refer to your browser's help section for up-to-date instructions.)

7. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, accidental loss, disclosure, alteration, or destruction, in accordance with applicable data protection laws. These measures include:
1) Encryption of personal data (where appropriate).
2) Access controls to our systems.
3) Regular security assessments and audits.
4) Employee training on data protection and security.

8. Data Protection Officer (DPO) / Privacy Contact Person

For any questions regarding this Privacy Policy and Cookie Policy or your personal data, or to exercise your rights, please contact:
Data Protection Officer (DPO) / Privacy Contact Person
- Name: Sanghun Choi
- Title: Head of Public Relations Section, Communications Department, Planning Headquarters
- Email: privacy@wydseoul.org

9. Supervisory Authority / Data Protection Authority

You have the right to lodge a complaint with a competent supervisory authority regarding our processing of your personal data.
1) For GDPR/UK GDPR users: You can find a list of data protection authorities in your country at [link to relevant authority list, e.g., European Data Protection Board for GDPR, ICO for UK GDPR].
2) For other jurisdictions: Please refer to your local data protection authority.

10. Changes to This Privacy Policy and Cookie Policy

We may update this Privacy Policy and Cookie Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any material changes by posting the updated policy on our Website and, where appropriate, by other communication methods (e.g., email). The "Last Updated" date at the bottom of this policy will indicate when it was last revised.

Cookie Settings

• Effective Date: December 19, 2025

• Last Updated: December 19, 2025